Microsoft-365-Defender-Hunting-Queries VS security-onion

Compare Microsoft-365-Defender-Hunting-Queries vs security-onion and see what are their differences.


Sample queries for Advanced hunting in Microsoft 365 Defender (by microsoft)


Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management (by Security-Onion-Solutions)
Our great sponsors
  • SonarLint - Clean code begins in your IDE with SonarLint
  • InfluxDB - Build time-series-based applications quickly and at scale.
  • SaaSHub - Software Alternatives and Reviews
Microsoft-365-Defender-Hunting-Queries security-onion
14 3
1,408 2,900
- -
9.0 3.9
12 months ago almost 2 years ago
Jupyter Notebook
MIT License -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of Microsoft-365-Defender-Hunting-Queries. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-06-15.


Posts with mentions or reviews of security-onion. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-02-02.

What are some alternatives?

When comparing Microsoft-365-Defender-Hunting-Queries and security-onion you can also consider the following projects:

Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices

Sending your docker logs - Sending logs from docker containers to

cyberchef-recipes - A list of cyber-chef recipes and curated links

Azure-Sentinel - Cloud-native SIEM for intelligent security analytics for your entire enterprise.

snort-rules - An UNOFFICIAL Git Repository of Snort Rules(IDS rules) Releases. [UnavailableForLegalReasons - Repository access blocked]

h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

HELK - The Hunting ELK

Hunting-Queries-Detection-Rules - Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things

wazuh-ruleset - Wazuh - Ruleset

hid-examples - Examples to accompany the book "Haskell in Depth"